System Administration Guide: Security Services

ProcedureHow to Add a PAM Module

This procedure shows how to add a new PAM module. New modules can be created to cover site-specific security policies or to support third party applications.

  1. Become superuser or assume an equivalent role.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map).

  2. Determine which control flags and which other options should be used.

    Refer to How PAM Stacking Works for information on the control flags.

  3. Ensure that the ownership and permissions are set so that the module file is owned by root and the permissions are 555.

  4. Edit the PAM configuration file, /etc/pam.conf, and add this module to the appropriate services.

  5. Verify that the module has been added properly.

    You must test before the system is rebooted in case the configuration file is misconfigured. Login using a direct service, such as ssh, and run the su command, before you reboot the system. The service might be a daemon that is spawned only once when the system is booted. Then, you must reboot the system before you can verify that the module has been added.